FedRAMP to the Future
The Federal Risk and Authorization Management Program (FedRAMP), the program for authorization of cloud services for sale to the federal government that has been around since 2011, is getting an upgrade. On July 25, 2024, the Office of Management and Budget (OMB) issued a...
An Overview of the Defense Department’s Long-Awaited Proposed Regulations for Its Cybersecurity Maturity Model Certification Program
By: Tina D. Reynolds
The U.S. Department of Defense released a special holiday treat for government contractors and subcontractors last week in the form of long-promised proposed regulations for its Cybersecurity Maturity Model Certification (CMMC) program. More than two years in the making, the current iteration of the...

The FAR Council’s Proposed Cybersecurity Overhaul: Lots of Questions, but Only Some Answers
By: Tina D. Reynolds and Sandeep N. Nandivada
In what can best be described as a tsunami of cybersecurity regulation, the Federal Acquisition Regulation (FAR) Council, consisting of the Department of Defense (DoD), General Services Administration (GSA), and National Aeronautics and Space Administration (NASA), issued two proposed rules on October 2, 2023. If implemented, the...

When Does the So-Called TikTok Ban Really Apply to Contractors and Their Employees?
By: Tina D. Reynolds, James A. Tucker and Locke Bell
In the extensive chatter since the Federal Acquisition Regulatory Council (“FAR Council”) published an interim rule on the new Federal Acquisition Regulation (FAR) 52.204-27, “Prohibition on a ByteDance Covered Application,” commentators have almost universally advised that if a federal contractor’s employee uses a device...

NIST Releases Revised Cybersecurity Controls and Requirements for Protection of Controlled Unclassified Information Resident in Contractor Information Technology Systems
By: Tina D. Reynolds and Sandeep N. Nandivada
On May 10, 2023, the National Institute of Standards and Technology (“NIST”) released an Initial Public Draft of Revision 3 to NIST Special Publication (“SP”) 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations. Although still in draft form, the document provides important...

Federal Government Provides Further Guidance and Draft Attestation Form for Software It Acquires
By: Tina D. Reynolds and Markus Gerhard Speidel
The Cybersecurity and Infrastructure Security Agency (CISA) of the Department of Homeland Security (DHS) recently published a draft version of a Secure Software Development Attestation Common Form. The draft Common Form is designed to confirm that software producers (i.e., the manufacturers/developers of software...

Companies Selling Software to the U.S. Government Soon Must Attest to Compliance with NIST Guidance on Software Supply Chain Security
By: Tina D. Reynolds and Markus Gerhard Speidel
Software companies that sell commercial software products to federal agencies soon must begin attesting to their compliance with guidance designed to enhance the security of the software supply chain. Under a new White House Office of Management and Budget (OMB) memorandum issued September 14,...

DOJ Cyber-Fraud Initiative Highlights Potential Civil Liability for Failing to Meet Federal Cybersecurity Requirements
By: Tina D. Reynolds
The Department of Justice (DOJ) has created a new Civil Cyber-Fraud Initiative to use the power of the False Claims Act (FCA) to initiate suits against federal contractors and grant recipients that fall short of their regulatory and contractual cybersecurity obligations. This initiative, announced...

U.S. Congress Introduces Bill that Would Require Mandatory 24 Hour Cyber Breach Notification for Government Agencies, Contractors, and Operators of Critical Infrastructure
By: Tina D. Reynolds
This week, U.S. Senator Mark Warner (D-VA), chair of the Senate Intelligence Committee, and a broad group of bipartisan co-sponsors, introduced legislation that would require government agencies, contractors, and operators of critical infrastructure to report cyber incidents to the U.S. Cybersecurity and Infrastructure Security...

Executive Order on Cybersecurity Expands Mandatory Breach Notification and Supply Chain Security Requirements for Government Contractors
By: Tina D. Reynolds and Sandeep N. Nandivada
On May 12, 2021, the Biden administration issued an ambitious Executive Order on Improving the Nation’s Cybersecurity (EO) declaring the prevention, detection, assessment, and remediation of cyber incidents to be a “top priority and essential to national and economic security.” Over 8,000 words long,...